Several git commands are implemented as shell scripts that run awk, sed, grep
and perl. There is some existing patching in the postinstall for perl to rewrite
it to an absolute reference to pkgs.perl, but several other packages are both
missing as a dependency and have no rewrite logic.
In particular git filter-branch depends on sed and grep.
Additionally, the perl logic also seds git-am, which is now a binary not a shell
script anymore (see <github.com/git/git/blob/master/builtin/am.c>), so this part
was obsolete.
I tested this by grepping all shell scripts for the relevant commands and then
comparing the diffs of the new version to what is produced in master. All
changes in the scripts seem good to me.

Improve patching of curl to use NIX_SSL_CERT_FILE as default CA
Remove patches from git, as git uses curl and passes its environment
variables to curl.

CGI.pm was removed from Perl core in v5.22, breaking the gitweb.cgi
script and thus NixOS' services.lighttpd.gitweb. Nixpkgs switched to
Perl 5.22 with a85ba820a4 ("perl: Make 5.22 the default").
Fix it by bringing in the Perl CGI module (and dependency HTMLParser).
The closure size of "nix-build -A git" increases by 1 MiB, to 201 MiB.

There are a lot of scripts in contrib (e.g. `diff-highlight`) that
contain a perl shebang line. But `patchShebangs` is unable to fix this
without explicitly listing `perl` in `buildInputs`.

This allows git to work on systems without
/etc/ssl/certs/ca-certificates.crt, such as OS X, instead of failing
with "error setting certificate verify locations".

The following parameters are now available:
* hardeningDisable
  To disable specific hardening flags
* hardeningEnable
  To enable specific hardening flags

Only the cc-wrapper supports this right now, but these may be reused by
other wrappers, builders or setup hooks.

cc-wrapper supports the following flags:
* fortify
* stackprotector
* pie (disabled by default)
* pic
* strictoverflow
* format
* relro
* bindnow
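
A check that can be run on build outputs to see whether the relro, bindnow and pie flags listed above took effect, as an added example that is not part of the original commit messages or of nixpkgs. The function and sample names are hypothetical and the readelf excerpts are constructed.

```shell
#!/bin/sh
# Added example, not nixpkgs code: infer from `readelf -W -h -l -d` text whether
# the relro, bindnow and pie hardening flags left their marks in an ELF file.

_has() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Reads readelf output on stdin; prints "relro=.. bindnow=.. pie=..".
check_hardening() {
  _out=$(cat); _relro=no; _bindnow=no; _pie=no
  # relro: the linker emitted a GNU_RELRO program header.
  _has "$_out" '^[[:space:]]*GNU_RELRO[[:space:]]' && _relro=yes
  # bindnow: DT_BIND_NOW, DF_BIND_NOW in FLAGS, or DF_1_NOW in FLAGS_1.
  _has "$_out" '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*[[:space:]]NOW([[:space:]]|$)' && _bindnow=yes
  # pie: type DYN plus DF_1_PIE or an INTERP header (heuristic: shared
  # libraries are DYN too, and a few of them also carry INTERP).
  if _has "$_out" '^[[:space:]]*Type:[[:space:]]+DYN' &&
     _has "$_out" '\(FLAGS_1\).*[[:space:]]PIE([[:space:]]|$)|^[[:space:]]*INTERP[[:space:]]'; then
    _pie=yes
  fi
  printf 'relro=%s bindnow=%s pie=%s\n' "$_relro" "$_bindnow" "$_pie"
}

# Constructed sample: abridged readelf output of a fully hardened executable.
sample_hardened() { cat <<'EOF'
  Type:                              DYN (Position-Independent Executable file)
  INTERP         0x000318 0x0000000000000318 0x0000000000000318 0x00001c 0x00001c R   0x1
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
EOF
}

# Constructed sample: non-PIE executable linked with relro but lazy binding.
sample_partial() { cat <<'EOF'
  Type:                              EXEC (Executable file)
  INTERP         0x0002a8 0x00000000004002a8 0x00000000004002a8 0x00001c 0x00001c R   0x1
  GNU_RELRO      0x002e10 0x0000000000403e10 0x0000000000403e10 0x0001f0 0x0001f0 R   0x1
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
EOF
}

# With a file argument, inspect that file; otherwise show the two samples.
if [ "$#" -gt 0 ]; then
  readelf -W -h -l -d "$1" | check_hardening
else
  sample_hardened | check_hardening
  sample_partial | check_hardening
fi
```

relro=yes with bindnow=no corresponds to partial RELRO: the GOT entries used for lazy binding stay writable.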